As part of our ongoing research and consulting efforts, we frequently discover vulnerabilities in third-party products. Committed to enhancing the security of the digital ecosystem, we publish detailed security advisories according our vulnerability disclosure policy. You can find the full security advisories with complete details in our Github repository.
Below is an overview of our latest security advisories:
-
Filebrowser Sensitive Data Transferred in URL (CVE-2025-52901)
July 24, 2025 -
Filebrowser Insecure File Permissions (CVE-2025-52900)
July 24, 2025 -
Cyberduck and Mountain Duck – Weak Hash Algorithm for Certificate Fingerprint (CVE-2025-41256)
June 25, 2025 -
Cyberduck and Mountain Duck – Improper Certificate Store Handling (CVE-2025-41255)
June 25, 2025 -
Null pointer dereference in MediaTek Modem (CVE-2025-20647)
June 6, 2025 -
Laravel Reflected XSS via Route Parameter in Debug-Mode Error Page (CVE-2024-13919)
March 10, 2025 -
Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page (CVE-2024-13918)
March 10, 2025 -
Mediatek Modem – Selection of less-secure algorithm during negotiation ‘algorithm downgrade’ (CVE-2024-20069)
July 31, 2024